US Wants Courts to OK Warrantless Email Snooping
Erris writes "The Register is reporting that the US government is seeking unprecedented access to private communications between citizens. 'On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. ... the position that the United States government is taking if accepted, may mean that the government can read anybody's email at any time without a warrant. The most distressing argument the government makes in the Warshak case is that the government need not follow the Fourth Amendment in reading emails sent by or through most commercial ISPs. The terms of service (TOS) of many ISPs permit those ISPs to monitor user activities to prevent fraud, enforce the TOS, or protect the ISP or others, or to comply with legal process. If you use an ISP and the ISP may monitor what you do, then you have waived any and all constitutional privacy rights in any communications or other use of the ISP.'"
"The government".... Does that mean Bush and his mates can monitor all Democratic email traffic? That would be handy for the upcoming elections!
ISPs are not government entities, though I get that in the digital age, the line of who is a state actor and what is a state action is less clear. So there is no 4th amendment protection against what the ISPs do with your data (though there may be some statutory or common law tort theories for privacy violations). ISPs can provide you service under any terms they see fit, and you certainly don't have a constitutional right to broadband internet access.
The far more impacting (and interesting) legal question is how the courts are going to view the 4th amendment (and others) in light of the way communications are stored for eternity on the internet. A traditional approach seems unwise, since the way ISPs word their terms of service makes it so your data practically falls under the "open fields" doctrine for purposes of search and seizure. On the other end of the spectrum, I don't want police investigations entirely shut down just because we want heightened protections for data that we keep in essentially insecure methods.
If you are that worried about privacy, use PGP or GPG.
Does it mean that if I use a US mail server, like gmail, from a foreign country, these mails can be wiretapped too?
Depends on what you do in your day-to-day life. Quite a few times I feel more free in China than I do in America (particularly when it comes to cellphones- carrier locking? Even the CDMA carrier here has open phones, and if it's locked, the locals will find a way to unlock it- with a couple of exceptions- not the iPhone).
OSx86 FTW
That e-mail in Norway is eventually coming to you via your ISP... I'd be worried about them looking at that.
Honestly, as a Canadian whose company relies entirely on rented data center space, we've chosen not to put any of our services in the US because we're afraid of your Government. It seems every other day they've got a new reason why they need to look at even more data belonging to anyone they want.
If you think the current administration is responsible for the exponential growth of the US government over the past 200 years, in both revenue and power over the people, then you haven't been paying attention to history.
There's a reason why every year we are subject to more laws than the year before. There's a reason why every year government spends more than the year before. There's a reason why every year power is concentrated further into the hands of the few. There's a reason why every year you are less free than the year before.
What could the reason be? Here's a hint: It ain't because making government bigger is unprofitable for the people in the business of government.
I'm a statistician (yes, the ways of the invisible pink unicorn are odd and I ended up in antivirus research). One of the things our department head at the university kept repeating over and over was to get your facts straight, verify your facts, test your facts and most of all, don't interpret them until you have at the very least thought of a way to interpret them to argue exactly in the opposite direction. If you can use them that way, toss your facts, your statistic and everything you want to argue for. They don't prove anything.
If there's one thing I learned during my courses there (I couldn't even do a halfway decent statistic anymore, to be honest), it's that facts aren't facts until you can prove they are. No matter how solid they look, even if netcraft confirms it (even if netcraft doesn't), make sure it's not just circle-jerk. If A postulates something and B's only confirmation is that A said it, B hasn't said anything at all.
Unfortunately, you're right in one thing: We don't need proof to operate. All we want is our prejudices being confirmed somehow. You can see it here, even. Make up a story of $evil_corp slaughtering baby squids for cheap ink and watch people jump on it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I could care less about my public mailing list messages, it's the other email that matters.
Is DHS going to really put me on a watch list because of my contributions to Project Gutenberg, Plucker, the core Mediawiki code or dozens of my other contributions? Not likely.
Are they going to put me on a watch list because of my political affiliations? My emails pointing out the egregious flaws in our administration? The methods people can use to personally protect themselves from an oppressive government? You bet. (I'm already on that list, no doubt).
And if there are two standards, and users want secure email, they decide on the one with the broadest penetration... and that is GPG (i.e. works on all platforms, plugins for all clients, freely available, fully OSS, etc.)
"to any citizen who believes in a free and open society, I'll be EXTRA worried when they outlaw encryption..."
Oddly enough until recently it was standard practice for western governments to "outlaw encryption". Before public key encryption came along some of the 'founding fathers' of computer science had worked out how to crack most types of encryption with relative ease and on the side they built computers with Meccano sets that calculated trajectory tables.
As a direct result of the German and Japanese "enigma" machines that they reverse engineered the allies were able to manipulate submarines into surfacing where they wanted thus keeping the Atlantic open for the merchant navy, the icing on the cake came when they used the same methods to put the Japanese fleet in the desired position for the allied ambush at the battle of Midway.
The tragedy is that after the war Alan Turing (http://en.wikipedia.org/wiki/Alan_Turing) was hounded by his own government because he was homosexual to the extent of being chemically castrated by order of the court, officially he suicided but it is also possible he was murdered or accidentally poisoned himself (like any self respecting geek he kept chemicals in the kitchen fridge).
Encryption technology was (still is?) regarded as a "munition", you could (still can?) be charged with treason here in Australia and the US/UK had (have?) similar rules. Exporting encryption software from the US was a big deal in the early 90's, the guy who came up with PGP had plenty of hassles in this area and there was mass confusion by MS and others about the strength of the encryption that could be exported (IBM had been working with spooks for decades and did not seem to be as confused). First you were not allowed to export anything, then it was restricted to 48bit, then it was 128bit, I lost track after 1028bit because the government basically gave up trying to control it in the mid nineties, it was simply too useful to banks in particular and business in general.
IMHO the PGP guy deserves some of the credit for bringing the issue to light but it was inevitable that governments would lose interest in "outlawing" encryption since with modern encryption methods, having access to the algorithm does not help you to decrypt the text without the private key, and the public key only allows you to encrypt text - it's a whole other kind of "enigma" to the ones solved at Bletchley Park and elsewhere. Once you have the algorithm you can make the bit strength anything you like and IIRC the algorithm has been public knowledge since the 70's. Probably the last vestige of these laws that is noticeable today is reflected in the difficulty and often illegality of encrypting voice communications without some sort of government key escrow.
To sum up: Freedom is a state of mind, everything else is constrained by the shackles and barbs of society.
Trivia: It has been speculated that the apple logo is a tribute to Turing because he died from eating an apple contaminated with cyanide.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
If you think Freedom is about whether or not your cell phone is locked into a specific carrier, you need to seriously rethink the issue.
Freedom is being able to have as many kids as you can afford, or not to have any.
Freedom is living where you can afford and want to live.
Freedom is saying what you want without fear of being sent to a re-education camp.
Freedom is being able to protest without being run over by a tank.
Freedom is being able to travel from place to place as you please.
Freedom is being able to defend yourself with your own firearm.
Freedom is being able to vote for who you want to run the government.
To name just a few.
Sure, all these freedoms need to be exercised responsibly and sometimes the implementation is flawed, a point that many people use to argue that these really do not exist. But those people are perennial complainers who are probably sympathetic to anarchism.
Whether or not the government reads your email, which is probably already read by your ISP, is a fairly trivial concern when compared to many other things the government could do. And if it bothers you, there is a process (if you can convince enough people) to end the practice which is to change the government by voting.
But to stand up and shout Nazi, Fascism, Dictatorship, and/or make comparisons to other nations that are patently not free whenever the government does something you don't like, makes you look like a left wing, tin foil hat, nut case.
Of course, you are free to do that too.
A few months ago I enabled SMTP Auth on my outbound mailserver. Because my Auth database is LDAP I also had to add SSL/TLS to secure the contents of the email in transit. If I understand correctly this means that communications between my mailserver and another server that can do SSL/TLS will be automatically encrypted in transit. This isn't a complete solution but it does make it difficult/impossible to capture email transmissions over the wire. Gpg completes the picture.
Between the problem of spam and the government's propensity to monitor communications I'm thinking that this is the way most mailservers should be configured going forward. I believe that Americans still have a right to privacy but obviously the government differs so we must guarantee that right for ourselves.
Because, of course, terrorists are using unencrypted email to plan their misdeeds.
Some do. The stupid ones that keep getting caught do.
The rest (including the successful ones) either don't use email at all, or they use all the best privacy-protecting tools available.
Your comment about "followers" of Security Focus is way off base. Outside of the world of artificially constructed arguments on TV, people aren't "followers" of news outlets. We are readers or subscribers or viewers, but we're not "followers." You might want to re-evaluate how you select and scrutinize your news.
PS: I'll note that I've been saying for years that it's imperative for stand-alone personal MTAs to remain viable, and this is why. Routine, passive end-to-end encryption is the way that we make this impractical.
The entire opinion can be found at http://w2.eff.org/legal/cases/warshak_v_usa/6th_circuit_decision_upholding_injunction.pdf
I do wonder though if Bush can pardon himself.
No, he can't. Nor can he pardon anyone else "in cases of impeachment." From Article II, Section 2:
...and he shall have power to grant reprieves and pardons for offenses against the United States, except in cases of impeachment.
Note that it doesn't say anywhere that impeachment cannot be done after the end of an administration.
Nor, in practice, can he pardon war crimes, as they are globally enforceable. It's the war crimes charges that will eventually put these clowns in jail.
I've lived in both China and America (currently live in the former and am a citizen of the latter) and I'm just commenting on what my everyday life feels like. I can talk political all I want at school and with friends. That's not been taken away from me when I left America. For me freedom is being able to toss my current carrier when they're crap, to be able to walk the streets at night without being harassed by cops, (for my friends, not so much for me) to be able to go clubbing without being denied just because they're a little young. That's what matters to me as a teenager right now. Oh, and about half that list would be valid and half not- I can go anywhere I want without problems, I can live where I want without problems, and... I don't have kids, but I have had friends who have come close to (one girl at my school is known for having multiple abortions- that's also a freedom that's in danger in America, due to pro-life groups, that's not in China).
OSx86 FTW
Well, I was going to ask about your public key, but I've run into a roadblock of sorts. Like many sites, /. lets you post personal information about yourself, such as AIM info, ICQ UIN, Yahoo! ID, Jabber, a public Calendar, a Mobile Text Address, and a Public Key. Some of it, such as Jabber info, is displayed on my user page. However, I can't seem to figure out how to view anyone's public key. Before I dive into the source, anyone got a clue? Thanks!
Nothing for 6-digit uids?
I have no idea if you think of yourself as a Christian, but I don't think your theology matches mainstream Christianity. First off, God doesn't care what you've done as long as you accept Christ as your personal savior. Good works won't get you into heaven. Second, God's judgment is absolute in a way mere mortals' never can be. Forgot to ask Christ's forgiveness, even though you've led an exemplary life? You are going to hell FOREVER. Infinite punishment for finite sin is pretty damn absolute.
As for privacy, it is only needed because some people have more power to gather and act on information than others. No one has a right to be able to hide their embarrassment, they have a right not to do embarrassing things. If we could all see what everyone was doing, including what everyone was doing about what everyone else was doing, then no one could abuse the information they gathered, because everyone would know they had abused it. Privacy is a stopgap measure.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton